package org.infinispan.test.integration.security.tasks;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.infinispan.test.integration.security.embedded.LdapAuthenticationIT;
import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.test.integration.security.common.CoreUtils;
import org.jboss.as.test.integration.security.common.config.AuthnModule;
import org.jboss.as.test.integration.security.common.config.JSSE;
import org.jboss.as.test.integration.security.common.config.JaspiAuthn;
import org.jboss.as.test.integration.security.common.config.LoginModuleStack;
import org.jboss.as.test.integration.security.common.config.SecureStore;
import org.jboss.as.test.integration.security.common.config.SecurityDomain;
import org.jboss.as.test.integration.security.common.config.SecurityModule;
import org.jboss.dmr.ModelNode;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/infinispan/test/integration/security/tasks/AbstractSecurityDomainsServerSetupTask.class */
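/**
 * {@link ServerSetupTask} that registers the security domains supplied by
 * {@link #getSecurityDomains()} in the server's {@code security} subsystem during
 * {@link #setup} and removes them again during {@link #tearDown}.
 *
 * <p>Each domain is created with one composite management operation containing the
 * domain itself, its authentication configuration (classic login modules or, when none
 * are configured, JASPI), authorization modules, mapping modules and an optional JSSE
 * resource.
 *
 * <p>Security note: module options and key/trust store passwords are sent to the server
 * through management operations. Option values may carry credentials (for example a
 * directory bind password), so log statements in this class print option <em>names</em>
 * only and never option values or store passwords.
 */
public abstract class AbstractSecurityDomainsServerSetupTask implements ServerSetupTask {
    private static final Logger LOGGER = Logger.getLogger(AbstractSecurityDomainsServerSetupTask.class);
    private static final String ROLE = "role";
    private static final String SUBSYSTEM_SECURITY = "security";

    /** Client handed to {@link #setup}; reset to {@code null} once {@link #tearDown} has run. */
    protected ManagementClient managementClient;

    /** Domains created by {@link #setup}; {@link #tearDown} removes exactly these. */
    private SecurityDomain[] securityDomains;

    /**
     * Creates every security domain returned by {@link #getSecurityDomains()}.
     *
     * @param managementClient client used to reach the server's management controller
     * @param str second argument of the {@link ServerSetupTask} contract; not used here
     * @throws Exception if the configuration cannot be obtained or the operations fail
     */
    @Override
    public void setup(ManagementClient managementClient, String str) throws Exception {
        this.managementClient = managementClient;
        this.securityDomains = getSecurityDomains();
        if (this.securityDomains == null || this.securityDomains.length == 0) {
            LOGGER.warn("Empty security domain configuration.");
            return;
        }
        List<ModelNode> updates = new ArrayList<>(this.securityDomains.length);
        for (SecurityDomain securityDomain : this.securityDomains) {
            String name = securityDomain.getName();
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("Adding security domain " + name);
            }
            // One composite per domain, so a domain is created with all its children or not at all.
            ModelNode composite = new ModelNode();
            composite.get("operation").set("composite");
            composite.get("address").setEmptyList();
            ModelNode steps = composite.get("steps");

            ModelNode addDomain = Util.createAddOperation(securityDomainAddress(name));
            if (StringUtils.isNotEmpty(securityDomain.getCacheType())) {
                addDomain.get("cache-type").set(securityDomain.getCacheType());
            }
            steps.add(addDomain);

            // JASPI authentication is only considered when no classic login modules are configured.
            boolean classicAuthentication = createSecurityModelNode(
                    "authentication", "login-module", "flag", "required", securityDomain.getLoginModules(), name, steps);
            if (!classicAuthentication) {
                List<ModelNode> jaspiNodes = createJaspiAuthnNodes(securityDomain.getJaspiAuthn(), name);
                if (jaspiNodes != null) {
                    for (ModelNode jaspiNode : jaspiNodes) {
                        steps.add(jaspiNode);
                    }
                }
            }
            createSecurityModelNode(
                    "authorization", "policy-module", "flag", "required", securityDomain.getAuthorizationModules(), name, steps);
            createSecurityModelNode(
                    "mapping", "mapping-module", "type", ROLE, securityDomain.getMappingModules(), name, steps);

            ModelNode jsseNode = createJSSENode(securityDomain.getJsse(), name);
            if (jsseNode != null) {
                steps.add(jsseNode);
            }
            updates.add(composite);
        }
        CoreUtils.applyUpdates(updates, managementClient.getControllerClient());
    }

    /**
     * Removes the security domains created by {@link #setup}.
     *
     * <p>The stored {@link #managementClient} reference is cleared on every exit path,
     * including the empty-configuration case and a failing removal, so that no client
     * reference outlives the task.
     *
     * @param managementClient client used to reach the server's management controller
     * @param str second argument of the {@link ServerSetupTask} contract; not used here
     * @throws Exception if applying the remove operations fails
     */
    @Override
    public void tearDown(ManagementClient managementClient, String str) throws Exception {
        try {
            if (this.securityDomains == null || this.securityDomains.length == 0) {
                LOGGER.warn("Empty security domain configuration.");
                return;
            }
            List<ModelNode> removals = new ArrayList<>(this.securityDomains.length);
            for (SecurityDomain securityDomain : this.securityDomains) {
                String name = securityDomain.getName();
                if (LOGGER.isInfoEnabled()) {
                    LOGGER.info("Removing security domain " + name);
                }
                ModelNode remove = new ModelNode();
                remove.get("operation").set("remove");
                remove.get("address").add("subsystem", SUBSYSTEM_SECURITY);
                remove.get("address").add("security-domain", name);
                // Best-effort clean-up: do not roll back on runtime failure and allow service restarts.
                remove.get("operation-headers", "rollback-on-runtime-failure").set(false);
                remove.get("operation-headers", "allow-resource-service-restart").set(true);
                removals.add(remove);
            }
            CoreUtils.applyUpdates(removals, managementClient.getControllerClient());
        } finally {
            this.managementClient = null;
        }
    }

    /** Builds the management address {@code /subsystem=security/security-domain=<domainName>}. */
    private static PathAddress securityDomainAddress(String domainName) {
        return PathAddress.pathAddress(new PathElement[0])
                .append("subsystem", SUBSYSTEM_SECURITY)
                .append("security-domain", domainName);
    }

    /** Returns {@code options}, or an empty map (after logging the fact) when it is {@code null}. */
    private static Map<String, String> optionsOrEmpty(Map<String, String> options) {
        if (options == null) {
            LOGGER.info("No module options provided.");
            return Collections.emptyMap();
        }
        return options;
    }

    /**
     * Copies {@code options} into the {@code module-options} attribute of {@code operation}.
     * Only option names are logged; values may be credentials.
     */
    private static void addModuleOptions(ModelNode operation, Map<String, String> options) {
        // get() is called even for an empty map so the attribute node is always present on the operation.
        ModelNode moduleOptions = operation.get("module-options");
        for (Map.Entry<String, String> option : options.entrySet()) {
            moduleOptions.add(option.getKey(), option.getValue());
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Adding module option [" + option.getKey() + "]");
            }
        }
    }

    /**
     * Builds the add operations for a JASPI authentication configuration.
     *
     * @param jaspiAuthn JASPI configuration, may be {@code null}
     * @param domainName name of the owning security domain
     * @return the operations in the order they must be applied, or {@code null} when
     *         {@code jaspiAuthn} is {@code null}
     * @throws IllegalArgumentException if auth modules or login module stacks are missing or empty
     */
    private List<ModelNode> createJaspiAuthnNodes(JaspiAuthn jaspiAuthn, String domainName) {
        if (jaspiAuthn == null) {
            LOGGER.info("No security configuration for JASPI module.");
            return null;
        }
        AuthnModule[] authnModules = jaspiAuthn.getAuthnModules();
        LoginModuleStack[] loginModuleStacks = jaspiAuthn.getLoginModuleStacks();
        if (authnModules == null || authnModules.length == 0
                || loginModuleStacks == null || loginModuleStacks.length == 0) {
            throw new IllegalArgumentException("Missing mandatory part of JASPI configuration in the security domain.");
        }
        List<ModelNode> operations = new ArrayList<>();
        PathAddress jaspiAddress = securityDomainAddress(domainName).append("authentication", "jaspi");
        operations.add(Util.createAddOperation(jaspiAddress));

        for (AuthnModule authnModule : authnModules) {
            // Log the name rather than the object: its toString() may include module options.
            LOGGER.info("Adding auth-module: " + authnModule.getName());
            ModelNode addAuthModule = Util.createAddOperation(jaspiAddress.append("auth-module", authnModule.getName()));
            operations.add(addAuthModule);
            addAuthModule.get("code").set(authnModule.getName());
            if (authnModule.getFlag() != null) {
                addAuthModule.get("flag").set(authnModule.getFlag());
            }
            if (authnModule.getModule() != null) {
                addAuthModule.get("module").set(authnModule.getModule());
            }
            if (authnModule.getLoginModuleStackRef() != null) {
                addAuthModule.get("login-module-stack-ref").set(authnModule.getLoginModuleStackRef());
            }
            Map<String, String> authOptions = authnModule.getOptions();
            addModuleOptions(addAuthModule, optionsOrEmpty(authOptions));
        }

        for (LoginModuleStack loginModuleStack : loginModuleStacks) {
            PathAddress stackAddress = jaspiAddress.append("login-module-stack", loginModuleStack.getName());
            operations.add(Util.createAddOperation(stackAddress));
            for (SecurityModule loginModule : loginModuleStack.getLoginModules()) {
                String code = loginModule.getName();
                ModelNode addLoginModule = Util.createAddOperation(stackAddress.append("login-module", code));
                String flag = StringUtils.defaultIfEmpty(loginModule.getFlag(), "required");
                addLoginModule.get("code").set(code);
                addLoginModule.get("flag").set(flag);
                if (LOGGER.isInfoEnabled()) {
                    LOGGER.info("Adding JASPI login module stack [code=" + code + ", flag=" + flag + "]");
                }
                Map<String, String> loginOptions = loginModule.getOptions();
                addModuleOptions(addLoginModule, optionsOrEmpty(loginOptions));
                addLoginModule.get("operation-headers").get("allow-resource-service-restart").set(true);
                operations.add(addLoginModule);
            }
        }
        return operations;
    }

    /**
     * Appends the add operations for one "classic" module group (authentication,
     * authorization or mapping) of a security domain to {@code steps}.
     *
     * @param resourceType child resource of the security domain, e.g. {@code authentication}
     * @param moduleType child resource type of each module, e.g. {@code login-module}
     * @param flagAttribute attribute that receives the module flag, e.g. {@code flag} or {@code type}
     * @param defaultFlag value used when a module does not define a flag
     * @param modules modules to register, may be {@code null} or empty
     * @param domainName name of the owning security domain
     * @param steps list node of the composite operation that receives the new steps
     * @return {@code true} if at least one module was configured and steps were added,
     *         {@code false} if {@code modules} was {@code null} or empty
     */
    private boolean createSecurityModelNode(String resourceType, String moduleType, String flagAttribute,
            String defaultFlag, SecurityModule[] modules, String domainName, ModelNode steps) {
        if (modules == null || modules.length == 0) {
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("No security configuration for " + resourceType + " module.");
            }
            return false;
        }
        PathAddress groupAddress = securityDomainAddress(domainName).append(resourceType, "classic");
        steps.add(Util.createAddOperation(groupAddress));
        for (SecurityModule module : modules) {
            String code = module.getName();
            ModelNode addModule = Util.createAddOperation(groupAddress.append(moduleType, code));
            String flag = StringUtils.defaultIfEmpty(module.getFlag(), defaultFlag);
            addModule.get("code").set(code);
            addModule.get(flagAttribute).set(flag);
            Map<String, String> configured = module.getOptions();
            Map<String, String> options = optionsOrEmpty(configured);
            if (LOGGER.isInfoEnabled()) {
                // Option names only: values such as bind credentials must not reach the log.
                LOGGER.info("Adding " + resourceType + " module [code=" + code + ", " + flagAttribute + "=" + flag
                        + ", options = " + options.keySet() + "]");
            }
            addModuleOptions(addModule, options);
            addModule.get("operation-headers").get("allow-resource-service-restart").set(true);
            steps.add(addModule);
        }
        return true;
    }

    /**
     * Builds the add operation for the JSSE resource of a security domain.
     *
     * @param jsse JSSE configuration, may be {@code null}
     * @param domainName name of the owning security domain
     * @return the add operation, or {@code null} when {@code jsse} is {@code null}
     */
    private ModelNode createJSSENode(JSSE jsse, String domainName) {
        if (jsse == null) {
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("No security configuration for JSSE module.");
            }
            return null;
        }
        ModelNode addJsse = new ModelNode();
        addJsse.get("operation").set("add");
        addJsse.get("address").add("subsystem", SUBSYSTEM_SECURITY);
        addJsse.get("address").add("security-domain", domainName);
        addJsse.get("address").add("jsse", "classic");
        addSecureStore(jsse.getTrustStore(), "truststore", addJsse);
        addSecureStore(jsse.getKeyStore(), "keystore", addJsse);
        addJsse.get("operation-headers").get("allow-resource-service-restart").set(true);
        return addJsse;
    }

    /**
     * Copies the URL, password and type of {@code secureStore} into the complex attribute
     * {@code storeAttribute} of {@code operation}. Fields that are {@code null} are skipped,
     * and nothing is written when {@code secureStore} itself is {@code null}.
     *
     * <p>The store password is written into the operation as-is and is deliberately not logged.
     */
    private void addSecureStore(SecureStore secureStore, String storeAttribute, ModelNode operation) {
        if (secureStore == null) {
            return;
        }
        if (secureStore.getUrl() != null) {
            operation.get(storeAttribute, "url").set(secureStore.getUrl().toExternalForm());
        }
        if (secureStore.getPassword() != null) {
            // NOTE(review): the key of the password field comes from an unrelated test class
            // (LdapAuthenticationIT.READER_PASSWD). This looks like a constant that only happens
            // to share its value with the attribute name; confirm the value matches the store's
            // password attribute and prefer a constant local to this class, so that a change to
            // the LDAP test credentials cannot silently alter the JSSE configuration.
            operation.get(storeAttribute, LdapAuthenticationIT.READER_PASSWD).set(secureStore.getPassword());
        }
        if (secureStore.getType() != null) {
            operation.get(storeAttribute, "type").set(secureStore.getType());
        }
    }

    /**
     * Supplies the security domains to create.
     *
     * @return the domains to configure; {@code null} or an empty array means nothing is
     *         created or removed
     * @throws Exception if the configuration cannot be built
     */
    protected abstract SecurityDomain[] getSecurityDomains() throws Exception;
}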
